Swordphish – Phishing Awareness Tool

Swordphish is a platform allowing to create and manage fake phishing campaigns. The goal of Swordphish is to raise your users’ awareness regarding phishing in a secure way.

Swordphish - Phishing Awareness Tool
Swordphish – Phishing Awareness Tool

The platform requires a few important things before starting installation process:

  • Server
  • two domains names: one to join Swordphish web page and at least one phishing domain (to send mails and host phishing pages)
  • Mail server

The domain(s) used to send mail and host phishing pages must have at least two entry in the DNS Zone. An A entry pointing to the server and a subdomain wildcard entry pointing to the same server IP (it allows to use subdomains in phishing pages).

You can add your targets manually or create an excel file lists with Tags so you can organize the phishing attack according to your need and mailing list.

Common best practices to create templates:

  • Picture resizing on the fly (by setting width or height values) are sometimes not taken in consideration by mail clients and word
  • It’s recommended to test templates before starting a campaign using the test functionality (campaigns test functionality)
  • Templates can be shared with the community using the tick box at the bottom of the form. This will authorize any user to use it for a campaign.
  • A “fullscreen” button is provided in the rich text editor for a better user experience

Among the templates there is a fake ransomware email to scare but it will not encrypt any file. It’s more a tech scam than a ransomware.

You can read more and download the platform over here: https://github.com/certsocietegenerale/

Share